** Changed in: linux (Ubuntu Bionic) Status: Fix Committed => Fix Released
** Changed in: linux (Ubuntu Xenial) Status: Fix Committed => Fix Released ** Changed in: linux (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1783110 Title: >= linux-4.4.0-130: 14 bytes memory leaked when sending AF_PACKET / SOCK_RAW frames Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Fix Released Status in linux source package in Bionic: Fix Released Bug description: Vulnerable: linux-image-4.4.0-130-generic, linux-image-4.4.0-131-generic Not vulnerable: linux-image-4.4.0-128-generic Bug (likely) introduced by commit: https://github.com/torvalds/linux/commit/b84bbaf7a6c8cca24f8acf25a2c8e46913a947ba Likely fixed upstream with (NOT VERIFIED): https://github.com/torvalds/linux/commit/9aad13b087ab0a588cd68259de618f100053360e Discussion about these commits on maillist, including someone referring to this bug: https://www.mail-archive.com/search?l=net...@vger.kernel.org&q=subject:%22Re%5C%3A+%5C%5BPATCH+net%5C%5D+packet%5C%3A+in+packet_snd+start+writing+at+link+layer+allocation%22&o=newest&f=1 When sending packets with AF_PACKET / SOCK_RAW, the actual transmitted packet contains 14 additional bytes at the end of the payload. Observations do show non-zero bytes getting leaked. See attached source for a simple proof of concept that sends a raw packet on the loopback interface. The payload should be 40 bytes of 0xAA, but tcpdump clearly shows 14 additional bytes are added. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1783110/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp